This invention relates in general to memory systems, and in particular to a memory system with versatile content control features.
Storage devices such as flash memory cards have become the storage medium of choice for storing digital content such as photographs. Flash memory cards may also be used to distribute other types of media content. Moreover, an increasing variety of host devices such as computers, digital cameras, cellular telephones, personal digital assistants (PDAs) and media players such as MP3 players now have the capability of rendering the media content stored in flash memory cards. There is thus great potential for flash memory cards, as well as other types of mobile storage devices, to become a widely used vehicle for distributing digital content.
One of the key concerns to owners and distributors of digital content is that only authorized parties should be allowed to access the content, after the content has been distributed, either through downloads from networks such as the Internet, or through the distribution of content on storage devices. One of the ways to avoid unauthorized access is to use a system for establishing the identity of the party before content access is granted to the party. Systems such as the public key infrastructure (PKI) have been developed for this purpose. In a PKI system, a trusted authority known as a certificate authority (CA) issues certificates for proving the identity of persons and organizations. Parties such as organizations and persons who wish to establish proof of identity may register with the certificate authority with adequate evidence for proving their identity. After the identity of the party has been proven to the CA, the CA will issue a certificate to such party. The certificate typically includes the name of the CA that issued the certificate, the name of the party to whom the certificate is issued, a public key of the party, and the public key of the party signed (typically by encrypting a digest of the public key) by a private key of the CA.
The private key and the public key of the CA are related so that any data encrypted using the public key may be decrypted by means of the private key, and vice versa. The private key and the public key thus form a key pair. An explanation of the private and public key pair for cryptography is provided by in “PKCS#1 v2.1:RSA Cryptography Standard,” dated Jun. 14, 2002, from RSA Security Inc. The public key of the CA is made publicly available. Therefore, when one party wishes to verify whether the certificate presented by another party is genuine, the verifying party may simply use the public key of the CA to decrypt the encrypted digest of the public key in the certificate using a decryption algorithm. The decryption algorithm is typically also identified in the certificate. If the decrypted digest of the public key in the certificate matches the digest of the unencrypted public key in the certificate, this proves that the public key in the certificate has not been tampered with and is genuine, based on trust in the CA and authenticity of the public key of the CA.
To verify the identity of a party, the verifying party typically will send a challenge (e.g. random number) and ask that the other party send his or her certificate as well as a response to the challenge (i.e. the random number encrypted with the private key of the other party). When the response and certificate are received, the verifying party first verifies whether the public key in the certificate is genuine by the process above. If the public key is verified to be genuine, the verifying party can then decrypt the response using the public key in the certificate, and compare the result to the random number sent originally. If they match, this means the other party does have the correct private key, and for that reason has proven his or her identity. If the public key in the certificate is not genuine, or if the decrypted response fails to match the challenge, authentication fails. Thus, a party wishing to prove his or her identity will need to possess both the certificate and the associated private key.
By means of the above mechanism, two parties who otherwise may not trust each other may establish trust by verifying the public key of the other party in the other party's certificate using the process described above. Recommendation X.509 from the International Telecommunication Union (ITU) Telecommunication Standardization Sector (ITU-T) is a standard that specifies certificate frameworks. More detailed information concerning certificates and their use can be found in this standard.
For convenience in administration, and in large organizations, it may be appropriate for a higher level CA, known as the root CA, to delegate the responsibility for issuing certificates to several lower level CAs. In a two level hierarchy, for example, the root CA at the top level issues certificates to the lower level CAs to certify that the public keys of these low level authorities are genuine. These lower level authorities, in turn, issue certificates to parties through the registration process described above. The verifying process starts from the top of the certificate chain. The verifying party will first use the public key of the root CA (known to be genuine) to first verify the genuineness of the public key of the lower level CA. Once the genuineness of the public key of the lower level CA has been verified, then the genuineness of the public key of the party to whom the lower level issued a certificate can be verified using the verified public key of the lower level CA. The certificates issued by the root CA and by the lower level CA then form a chain of two certificates of the party whose identity is being verified.
Certificate hierarchies may of course include more than two levels, where each CA except for the root CA at a lower level derives its authority from a higher level CA, and has a certificate containing its public key issued by the higher level CA. Therefore, in order to verify the genuineness of another party's public key, it may be necessary to trace the path or chain of certificates to the root CA. In other words, in order to establish one's identity, the party whose identity needs to be proven may need to produce the entire chain of certificates, all the way from its own certificate to the root CA certificate.
As noted above, the root certificate and all certificates issued to CAs, such as certificates issued to the lower level CAs in a certificate hierarchy described above, are made publicly available. At present, the presentation of certificates for proving identity have taken two forms. In a first form, the party wishing to be authenticated presents merely its own certificate issued by a CA, which certificate is the last one in the certificate chain. If the verifying party does not have the public key of the CA that issued the certificate, it is up to such party to obtain the public key of the CA to perform the verification. In the event that the public key of a still higher authority is necessary to verify the public key of a lower level CA, the verifying party will need to trace the path to the certificate and public key of the higher level CA, using the names of the issuers in the certificates. This process continues until the verifying party reaches the CA whose public key is known to be genuine without further verification.
In a second form of certificate authentication, while all of the certificates in the chain may be presented by the party wishing to be authenticated, the certificates are not needed to be presented in any particular order. If along with the certificates, the party wishing to be authenticated also presents information on the proper order of the certificates in the chain that is sent to the verifying party, this information may appear late in the message so that the verifying party may not know the proper sequence of the certificates until the entire chain of certificates has been received.
The first form of certificate exchange and verification assumes that the verifying party is able to access the missing certificates. While it is possible for devices such as computers and cellular telephones to access networks such as the Internet in order to obtain the missing certificates, storage devices such as flash memory cards have not been used to do so on their own.
In the second form of certificate exchange and verification, all of the certificates are presented in the message sent to the verifying device, making it unnecessary for the verifying device to obtain the certificates. However, the certificates may not be sent in any particular order and information concerning the sequence of certificates in the chain may appear anywhere in the message, such as at the end of the message. This means that before any particular certificate in the chain can be analyzed for verification, the entire group of certificates needs to be received and stored before verification can begin. While this may not be a problem for host devices such as computers, PDAs and cellular telephones, this may present a problem for storage devices. Storage devices may have embedded memory capacities and processing power that are too limited for storing and efficiently analyzing long strings of certificates.
Due to the various issues and problems described above, none of the systems currently in use in storage and host devices is entirely satisfactory. It is therefore desirable to provide improved systems with better characteristics.